Commit 232efb4

DOCSP-5331: Access Control for creating Views
1 parent 43b9991 commit 232efb4

1 file changed

+29
-15
lines changed

source/includes/extracts-create-cmd.yaml

Lines changed: 29 additions & 15 deletions
@@ -2,9 +2,8 @@ ref: access-control-create-cmd
22
content: |
33
44
If the deployment enforces
5-
:ref:`authentication/authorization <authentication>`,
6-
{{operation}} requires that the authenticated user have the
7-
following privileges:
5+
:ref:`authentication/authorization <authentication>`,
6+
{{operation}} requires the following privileges:
87
98
.. list-table::
109
:header-rows: 1
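Review bot: The reworded sentence at new line 6, "{{operation}} requires the following privileges:", no longer says who has to hold the privileges. On a deployment that enforces authorization, the check is made against the authenticated user, and the removed wording said so. Consider keeping the subject in the shorter form, for example "{{operation}} requires the authenticated user to have the following privileges:".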
@@ -45,26 +44,37 @@ content: |
4544
:authaction:`find` on the view to create does not have
4645
sufficient privileges.
4746
47+
The :authrole:`readWrite` built in role includes the required
48+
privileges. Alternatively, you can
49+
:ref:`create a custom role <create-user-defined-role>` to support
50+
{{operation}}.
51+
4852
post : |
4953
50-
The :authrole:`readWrite` built in role provides the appropriate
51-
privileges for executing {{operation}}. Create a user and assign it
52-
the :authrole:`readWrite` role for the database in which you want to
53-
run {{operation}}:
54+
The following example uses the :method:`db.createUser()` method to
55+
create a user in the ``admin`` database with the ``readWrite``
56+
role on the ``inventory`` and ``employees`` database:
5457
5558
.. code-block:: javascript
5659
57-
db.getSiblingDB("replaceThisDatabaseName").createUser(
60+
db.getSiblingDB("admin").createUser(
5861
{
59-
"user" : "replaceThisUserName",
62+
"user" : "createViewUser",
6063
"pwd" : "replaceThisWithASecurePassword",
61-
"roles" : [ "readWrite" ]
64+
"roles" : [
65+
{ "db" : "inventory", "role" : "readWrite" },
66+
{ "db" : "employees", "role" : "readWrite" }
67+
]
6268
}
6369
)
6470
65-
For more examples of user creation, see
66-
:doc:`/tutorial/create-users`. For a tutorial on adding privileges to
67-
an existing database user, see :ref:`modify-existing-user-access`.
71+
The created user can execute {{operation}} on the specified databases.
72+
For more examples of user creation, see :doc:`/tutorial/create-users`.
73+
74+
Alternatively, you can add the required roles to an existing user
75+
using :method:`db.grantRolesToUser()`. For a tutorial on adding
76+
privileges to an existing database user, see
77+
:ref:`modify-existing-user-access`.
6878
replacement:
6979
operation : ":dbcommand:`create`"
7080
---
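Review bot: The example at new lines 64-67 grants the whole ``readWrite`` role on both ``inventory`` and ``employees`` and is the only path the post block illustrates, while the content above names specific actions as the requirement. Since new lines 48-50 already link to :ref:`create a custom role <create-user-defined-role>`, consider one sentence after the example that points to the custom role for deployments that want only the listed actions, so the broad role does not read as the recommended default. Two wording fixes in the added lines: "built in role" at new line 47 should be "built-in role", and "on the ``inventory`` and ``employees`` database:" at new line 56 should end in "databases:". It would also help to say why the user is created in ``admin`` while the roles apply to other databases, since the removed example created the user in the target database.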
@@ -80,8 +90,7 @@ content : |
8090
8191
If the deployment enforces
8292
:ref:`authentication/authorization <authentication>`,
83-
the :method:`db.createView()` method requires the authenticated user
84-
have the following privileges:
93+
{{operation}} requires the following privileges:
8594
8695
- :authaction:`createCollection` on the database
8796
@@ -100,6 +109,11 @@ content : |
100109
and :authaction:`find` on the view to create does not have sufficient
101110
privileges.
102111
112+
The :authrole:`readWrite` built in role includes the required
113+
privileges. Alternatively, you can
114+
:ref:`create a custom role <create-user-defined-role>` to support
115+
{{operation}}.
116+
103117
source:
104118
file: extracts-create-cmd.yaml
105119
ref: access-control-create-cmd
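Review bot: The paragraph added at new lines 112-115 is a verbatim copy of the one added to the first extract at new lines 47-50, so the two can drift apart on the next edit. This extract already inherits from access-control-create-cmd through ``source``, so consider whether the shared text can live in one place. The "built in role" at new line 112 should be "built-in role" here as well.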
